From the Incident Review dashboard > Actions, it is possible to Share Notable Events. To get the URL of the notable event, a shortID is created on the fly. Could it be possible to automatically g...
Team,
I know how to create tickets to an external ticketing system for single rules, but in Enterprise Security, it is difficult to go to all rules and modify output actions to run a script for c...
We have Splunk 6.2.1 running in our environment. As part of security review procedures, any dashboards we create need to be run through an automated security review product like hailstorm. One of t...
...ount by "src_user","user" | where 'count'>0
This rule fires for machine deletions such as when our system engineers remove machines after testing. We don't want to see this activity in i...
Hi guys,
I have an issue with Splunk ES; any help would be much appreciated.
The symptoms - some correlation searches (under content management) do not translate to incidents (under incident review...
I am receiving a Health Check warning regarding the roles and responsibilities for our "investigative_canvas" in Enterprise Security. I have referred to the URL below initially. I do not see any p...
Good morning. I am constantly getting the message:
One or more machines does not meet the recommended minimum system requirements. Review the documentation for details.
How do I get it to s...
Was requested that I do development on my laptop, and to install Splunk ES 2.4 on my laptop (along with Splunk Enterprise 5.02, SideView Utility 1.35). Laptop is on Windows XP SP3 and has only 2 GB o...